Tagged Questions

Risk management is the identification, assessment, and prioritization of risks - defined in ISO 31000 as the effect of uncertainty on objectives, whether positive or negative - followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or ...

As the title indicates, I'm looking for industry best practices for enabling Windows Remote Management on a mix of Windows Servers (from 2000, 2003, 2008/R2 and 2012) to allow PowerShell to execute ...

How can historical events be leveraged in terms of a risk assessment? I know you could for instance look at malware infections over the past x months to perform a better estimation for your malware ...

The control + j feature within PeopleSoft outputs a list of potentially interesting data for a potential attacker. The feature is generally used to aid in debugging. Here is the [censored] output ...

In REF to http://threatpost.com/ipmi-protocol-bmc-vulnerabilities-expose-thousands-of-servers-to-attack and the hacks of several companies and web hosts have been hit and had their servers wiped from ...

I am putting together a presentation comparing CDN services that also provide DDoS protection. I have to do a really good job on this and I'm not a security expert. For lack of direction, I've copied ...

When it comes to technologies that directly affect information security, how do you determine when it is better to use an automatic option instead of a manual option, and vice versa? I already feel ...

The calculation of RAVs in OSSTMM seems very useful as a security metric, but can they be the base for a risk assessment methodology compliant with the new ISO 27001:2013 and ISO 31000?
ISO 27001:2013 ...

I am part of an in-house development team that provides the software that is used in our company's factories across the world for production as well as for order management, and which also enables the ...

I would like to ask how someone can adopt a certain security model in an organization. What are the criteria that control how I can pick the best security model for my organization?
For example ...

I am working on my first IT Risk Assessment assignment and even though I have the steps required and understanding of the system I am working on, I was wondering if there was a list of generic IT Risk ...

If I am using some proxy service, the proxy service provider can know my passwords to my online accounts. In which case can my ISP filter my requests and get my passwords to my online accounts? And how ...

Some say that ignored risks as part of an organization's behavior are much worse than accepted risks.
I would like to test that axiom (in the eyes of some).
When I am handling a risk and I choose to ...

The company I work for had me develop a WordPress site for their intranet. Now they are saying that it poses security risks and they would like to shut it down and have me use another CMS (SharePoint ...

When a machine has been infected with malware, most of us here immediately identify the appropriate action as "nuke it from orbit" - i.e. wipe the system and start over. Unfortunately, this is often ...

Security is never 100%. There is a need to balance risk and cost. Risk assessments need to be performed to determine the cost-effectiveness of preventive measures.
There are a few questions I would ...

What are the problems with bring-your-own-device related to smartphones?
Companies see this more and more every day; people want to use their personal devices on the corporate network or even use them ...

I was doing some research on Content Delivery Networks. For those who don't know, a CDN is a large collection of servers that cache and quickly serve up static content such as images, css, js, etc, to ...

I'm attempting to compile resources on industrial IT security from a non-technical standpoint as it pertains to the U.S. petrochemical industry. This is for my final research paper as an undergraduate ...

When attempting to sell a product online (for instance, on craigslist) there is a very good chance you will be the target of a social engineer; this is especially true when you are selling high-value ...